Controlling access point access with tacacs, Default tacacs+ configuration, Configuring tacacs+ login authentication – Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual User Manual
Page 215
Rockwell Automation Publication 1783-UM006A-EN-P - May 2014
215
Administering the WAP Access
Chapter 6
Controlling Access Point
Access with TACACS+
This section describes how to control administrator access to the wireless device
by using Terminal Access Controller Access Control System Plus (TACACS+).
For complete instructions on configuring the wireless device to support
TACACS+, see
Configuring RADIUS and TACACS+ Servers on page 407
TACACS+ provides detailed accounting information and flexible administrative
control over authentication and authorization processes. TACACS+ is facilitated
through AAA and can be enabled only through AAA commands.
For complete syntax and usage information for the commands used in this
chapter, see th
.
Default TACACS+ Configuration
TACACS+ and AAA are disabled by default.
To prevent a lapse in security, you cannot configure TACACS+ through a
network management application.When enabled, TACACS+ can authenticate
administrators accessing the wireless device through CLI.
Configuring TACACS+ Login Authentication
To configure AAA authentication, you define a named list of authentication
methods and then apply that list to various interfaces. The method list defines the
types of authentication that is performed and the sequence that they are
performed; it must be applied to a specific interface before any of the defined
authentication methods are performed.
The only exception is the default method list. The default method list is
automatically applied to all interfaces except those that have a named method list
explicitly defined. A defined method list overrides the default method list.
A method list describes the sequence and authentication methods to be queried
to authenticate a user. You can designate one or more security protocols to be
used for authentication, thus ensuring a back-up system for authentication in case
the initial method fails. The software uses the first method listed to authenticate
users; if that method fails, the software selects the next authentication method in
the method list.
This process continues until there is successful communication with a listed
authentication method or until all defined methods are exhausted. If
authentication fails at any point in this cycle—meaning that the security server or
local username database responds by denying the user access—the authentication
process stops, and no other authentication methods are attempted.